日志文件中有很多错误,例如:
[Tue Jul 19 09:56:45 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/xqxsmirserver6.rar
[Tue Jul 19 09:56:45 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/mirserver6.rar
[Tue Jul 19 09:56:46 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/mirserver6.rar
[Tue Jul 19 09:56:46 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/vqkbmirserver7.rar
[Tue Jul 19 09:56:46 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/mirserver7.rar
[Tue Jul 19 09:56:47 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/mirserver7.rar
[Tue Jul 19 09:56:47 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/pebv12.rar
[Tue Jul 19 09:56:48 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/12.rar
[Tue Jul 19 09:56:48 2011] [error] [client 61.160.222.90] File does not exist: /var/www/vhosts/xxx.com/httpdocs/12.rar
我相信这些错误是攻击者试图获取后门文件造成的。我该如何阻止这些访问或阻止攻击者,他们可能会快速更改 IP。
答案1
从根本上来说,你不能——你无法控制某人可能会选择从你的服务器随机请求哪些 URL。
但是,您可以采取各种措施来减轻人们随机猜测 URL 的影响,比如速率限制、自动(或手动)阻止您检测到的以您不希望的方式行事的 IP 地址和范围,或者玩各种形式的愚蠢行为(例如,对持续滥用者进行 tarpitting)。
如果不知道您想要实现什么目标,那么任何人能给出的细节(包括建议的解决方案和实施细节)都是有限的。您可能需要严格定义您想要停止的事情(以及您希望如何做、您愿意承受哪些附带损害等等),然后将其作为单独的问题提出。
答案2
如果它们似乎来自同一个子网,您可能能够从路由器/防火墙内阻止该 IP 或子网。